Sunday, June 22, 2008

Security: You're doing it wrong

A couple weeks ago, Bruce Schneier blogged about this motivational poster. He thought it was funny, and it is, but it can also have a deeper meaning. I like to think of it as a reminder.

If you're a programmer, when was the last time you thought about how your program could be exploited? What about the sensitive data stored in your database? Or how that data is accessed?

Security is an arms race, a never-ending process of trying to stay one step ahead of the bad guys. The bad guys will never stop looking for exploits, which means you can never stop thinking about the security of your system. The fact is, you're probably doing something wrong, because even if you follow good security practices, the rules keep changing.

So yeah, it's funny. But it's also true.

